April 6, 2018

Link: Apps of a Feather ☍

Twitter may be using a new way to ice out third-party clients:

After June 19th, 2018, “streaming services” at Twitter will be removed. This means two things for third-party apps:

  1. Push notifications will no longer arrive
  2. Timelines won’t refresh automatically

If you use an app like Talon, Tweetbot, Tweetings, or Twitterrific, there is no way for its developer to fix these issues.

We are incredibly eager to update our apps. However, despite many requests for clarification and guidance, Twitter has not provided a way for us to recreate the lost functionality. We’ve been waiting for more than a year.

While Twitter has been making life tougher for third-party clients, this is a big blow and, if it happens, would severely cripple a number of key features. The company backtracked today, stating that the change has been postponed from the original June date and promising notice. I hope Twitter does work with developers, as apps like Twitterrific and Tweetbot have made the service much more enjoyable for me.

Furthermore, the third-party app ecosystem might not get Twitter the analytics or ad data, but that ecosystem helped build the user base in its earliest years. It’s also arguably the biggest group of passionate users from Twitter’s earliest days that will stick with the service. I suspect in the grand scheme of things, the number of users isn’t that large, but I’d rather have a crippled, good third-party client than the web site or the doesn’t-know-how-to-use-an-iPad-screen app. If anything, my usage would decrease, rather than shift, and I don’t think I’m alone.

April 3, 2018

Link: Panera’s Web Site Leaks Millions of Customer Records ☍

Brian Krebs:

Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery.

At this point, how has any reasonably-sized business not done an internal audit of their systems and at least attempted to not be the next data breach headline? In Panera’s case, it’s even more shameful since this was brought to their attention last August. Although not nearly as severe as the Equifax breach both in the amount affected and type of content, it’s still something that should not be happening as much as it is. Furthermore, it is a bit funny that Mike Gustavison, Panera’s director of information security, was previously at Equifax, but left that position in 2013.

Update: If you’re curious about the technical details, Dylan Houlihan discovered the vulnerability and provided a nice write-up including how it was reported.

April 2, 2018

Link: Stop Being Sexist, Siri ☍

Paul Kafasis got an interesting result when he asked Siri for the Notre Dame score last night:

I was initially flummoxed by this result, but with a bit of research I realized this was the men’s team’s last game of the season. It was played back in March, in the National Invitation Tournament, and it was also most decidedly not what I was looking for.

Look, men’s sports are undeniably more popular than women’s sports. Given that, if both the men’s and women’s teams were playing at the same time, it might be reasonable to default to the men’s game. This, however, is simply ridiculous. Rather than showing what is likely the single most popular women’s college event (the championship game of the women’s basketball tournament), Siri is instead showing a fifteen day old men’s game from the second-rate NIT.

I’ve run into similar issues for queries regarding the WNBA and college women’s basketball through Siri in the past and have mostly chalked it up to Yahoo Sports providing the content. ESPN seems to be much more comprehensive (including recognizing that the Tulsa Shock became the Dallas Wings in 2015 and updating the logo accordingly—Siri still shows the former logo). While Kafasis is right that men’s sports are more popular, some little fixes or a change in content provider will make the experience feel that much more polished for those who do care about these things. At one point, I could have sworn that Apple used Yahoo and MLB for baseball data, so why not partner with other leagues to get the most accurate information?

Semi-related, I don’t think Siri provides anything regarding the NWSL, yet Apple’s TV app allows favorite team selection. Funny enough, Verizon’s Go90 is the streaming partner of the NWSL, yet Yahoo (and by extension Siri), now owned by the same Oath division of Verizon as Go90, is oblivious.

March 26, 2018

Link: Main Versus Only ☍

Initial Charge’s Michael Rockwell:

As Matt [Birchler] notes, the distinction of main computer instead of only computer is often lost in the conversation. This isn’t a zero-sum game — using an iPad doesn’t mean you have to remove Macs from your life entirely. Even the most adamant iPad-only nerds continue to use Macs on a regular basis — myself included. The frequency might be decreasing as the platform’s capabilities grow, but the Mac still has a place in our lives. Albeit, on a much smaller scale.

I think this is a very worthwhile distinction, as most people have more computers per person than just a few years ago. I reach for my iPhone most often, followed by an iPad at home or an iPad at work as my main device for content creation/longer-form work. The tertiary devices in both instances are more like traditional computers: a Mac mini at home and a Chromebit at work. Those are relegated to very specific use cases or as a “second screen” for the other devices.

Link: A Picture is Worth a Thousand Cookies ☍

Ben Sandofsky, developer of Halide:

This year is turning into a wakeup call for privacy. First we learned about Cambridge Analytica. Now we know Facebook collected call and SMS history for years by abusing Android permissions. It almost feels like every week, we’re seeing another egregious data breach or privacy violation.

Working on a camera app, we have a deep understanding of what’s stored on our phones. We think about privacy a lot, and we’re surprised when people grant access to their photo library without pause.

The post continues with examples of the items that do get shared and how easily, along with what you can do to revoke or limit some access. Also included is the novel idea of pushing photos to Instagram, rather than giving it access to your entire photo library.